This campaign, dubbed "Jaguar Tooth," is an example of a much broader trend of sophisticated adversaries targeting networking infrastructure to advance espionage objectives or pre-position for future destructive activity.
This is just the latest supply chain attack threatening users, after the SolarWinds incident in 2020 and the REvil ransomware group exploiting Kaseya VSA in 2021.
Since returning, Emotet has leveraged several distinct infection chains, indicating that they are modifying their approach based on their perceived success in infecting new systems.
Cisco Talos is urging all users to update Microsoft Outlook after the discovery of a critical vulnerability, CVE-2023-23397, in the email client that attackers are actively exploiting in the wild.
* HTML smuggling is a technique attackers use to hide an encoded malicious script within an HTML email attachment or webpage. * Once a victim receives the email and opens the attachment, their browser decodes and runs the script, which then assembles a malicious payload directl
Since August 2022, we have seen an increase in infections of Truebot (aka Silence.Downloader) malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial insti
* LodaRAT samples were deployed alongside other malware families, including RedLine and Neshta. * Cisco Talos identified several variants and altered versions of LodaRAT with updated functionality have been seen in the wild. * Changes in these LodaRAT variants include new f
In late October two new buffer overflow vulnerabilities, CVE-2022-3602 and CVE-2022-3786, were announced in OpenSSL versions 3.0.0 to 3.0.6. These vulnerabilities can be exploited by sending an X.509 certificate with a specially crafted email address, potentially causing a buffer
Even organizations that use Exchange Online may still be affected if they run a hybrid server.